Board: Development & Technical Discussion
Re: Private keys, Public Keys and Bitcoin Addresses
by deepceleron on 16/05/2016, 15:43:34 UTC
I expect the hash test is first to avoid unnecessary resource consumption. If the hash of the public key doesn't match, it won't even try to verify the signature.

If two public keys can share an address, a signature from the respective private key is still required to actually spend funds, no?

P2SH might be worse off because of HASH160. P2PKH still requires an OP_CHECKSIG, whereas if you find a script tailored to you that collides with a script-hash address, you could spend those funds using your version of the script. Either case still requires a SHA256 collision however, making this prospect unlikely.

When I send you money, I am only sending it to a Bitcoin address; I don't know your public key. Any public key that hashes to that Bitcoin address can spend the money.

Of course, even if there were 21 trillion addresses each having one satoshi in them (more than the maximum number of bitcoins that will ever exist), the odds are impossible-1 that you will ever be able to spend money for a Bitcoin address and key you didn't generate yourself.
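
Added example, not part of the original post and not Bitcoin Core code: a simplified P2PKH spend check in Node.js showing the order discussed above, where the public key is hashed and compared to the address hash first and the signature is verified only if that matches. The function names are hypothetical, the keys and message are constructed, the public key is used in uncompressed form, and the signature covers SHA256 of a sample message rather than a real transaction sighash.

```javascript
// Added example: simplified P2PKH spend check, not Bitcoin Core code.
const crypto = require('crypto');

// DER header that turns a 65-byte uncompressed secp256k1 point into an SPKI key.
const SPKI_PREFIX = Buffer.from('3056301006072a8648ce3d020106052b8104000a034200', 'hex');

// HASH160 = RIPEMD160(SHA256(x)): the 20 bytes a P2PKH address encodes.
function hash160(data) {
  const sha = crypto.createHash('sha256').update(data).digest();
  return crypto.createHash('ripemd160').update(sha).digest();
}

// Constructed key pair; pubPoint is the uncompressed point 04||X||Y.
function newKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  return { privateKey, pubPoint: spki.subarray(spki.length - 65) };
}

// Mirrors OP_DUP OP_HASH160 <lockHash> OP_EQUALVERIFY OP_CHECKSIG.
// Simplification (assumption): the signature covers SHA256(msg), not a real sighash.
function spendP2PKH(lockHash, pubPoint, sig, msg) {
  if (!crypto.timingSafeEqual(hash160(pubPoint), lockHash)) {
    // Cheap hash comparison failed: no signature verification is attempted.
    return { ok: false, failedAt: 'OP_EQUALVERIFY', sigChecked: false };
  }
  const key = crypto.createPublicKey({
    key: Buffer.concat([SPKI_PREFIX, pubPoint]), format: 'der', type: 'spki' });
  const ok = crypto.verify('sha256', msg, key, sig);
  return { ok, failedAt: ok ? null : 'OP_CHECKSIG', sigChecked: true };
}

function demo() {
  const owner = newKey(), other = newKey();   // constructed keys
  const lockHash = hash160(owner.pubPoint);   // all the sender ever sees
  const msg = Buffer.from('constructed spend message');
  const ownerSig = crypto.sign('sha256', msg, owner.privateKey);
  const otherSig = crypto.sign('sha256', msg, other.privateKey);
  return {
    valid: spendP2PKH(lockHash, owner.pubPoint, ownerSig, msg),
    wrongKey: spendP2PKH(lockHash, other.pubPoint, otherSig, msg),
    wrongSig: spendP2PKH(lockHash, owner.pubPoint, otherSig, msg),
  };
}

console.log(demo());
```

The `wrongKey` case stops at the hash comparison with no signature work done, and the `wrongSig` case shows that a matching public key hash alone is not enough without a signature from the corresponding private key.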